package com.example.config.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

@Configuration
@EnableAuthorizationServer
@Order(-20)
//@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)

public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
    
    @Override
    protected void configure(HttpSecurity http) throws Exception { // @formatter:off
    	http.formLogin().loginPage("/login").permitAll()
	        .and()
	        .logout().logoutSuccessUrl("/")
	        .and()
	        .requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access")
	        .and()
	//        .csrf().disable()
	//        .and()
	        .authorizeRequests()
	        .anyRequest().authenticated();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/static/**");
    }
}